ABE rules triggering messages for some rules

Discussions about the Application Boundaries Enforcer (ABE) module
access2godzilla
Senior Member
Posts: 109
Joined: Sun May 20, 2012 5:09 pm

ABE rules triggering messages for some rules

Post by access2godzilla »

I have the following rules in ABE:

Code: Select all

Site .googlesyndication.com .google-analytics.com .adzerk.net .scorecardreasearch.com cdn-careers.sstatic.net .quantserve.com .chartbeat.com .2mdn.net .revsci.net .criteo.com .krxd.net .amazon-adsystem.com .doubleclick.net .adobetag.com .fbcdn.net .peer39.net demdex.net .adsonar.com .crwdcntrl.com .2o7.net .omtrdc.net .troveread.com .mathtag.com .parsely.com
Deny

Site .reddit.com .stumbleupon.com .twitter.com
Accept from SELF
Deny

Site .google.com
Accept from .youtube.com .blogspot.com
Accept from SELF
Deny
On this page: http://arstechnica.com/information-tech ... lesystems/ , if I scroll down to the end, I get this:

Code: Select all

Request {GET hxxp://www. reddit. com / static/ button /button3. html ? (snipped due to spam filter) - 7} filtered by ABE: < .reddit.com .stumbleupon.com .twitter.com> Deny
I know that I can turn off ABE notifications, but why does this specific rule generate a message?
Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20140116 Firefox/24.0 PaleMoon/24.2.2
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: ABE rules triggering messages for some rules

Post by Thrawn »

Can you send the whole message to a moderator via private message?

The second rule restricts reddit to receive requests only from itself, which may be your problem.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:26.0) Gecko/20100101 Firefox/26.0
access2godzilla
Senior Member
Posts: 109
Joined: Sun May 20, 2012 5:09 pm

Re: ABE rules triggering messages for some rules

Post by access2godzilla »

Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20140116 Firefox/24.0 PaleMoon/24.2.2
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE rules triggering messages for some rules

Post by barbaz »

Script permission status of those sites?
Could you please post also the messages in the Browser Console?
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux i686; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a1
access2godzilla
Senior Member
Posts: 109
Joined: Sun May 20, 2012 5:09 pm

Re: ABE rules triggering messages for some rules

Post by access2godzilla »

Scripts globally allowed, no sites in untrusted. All other settings are same as the defaults.

I can't post anything from the browser console here due to the spam filter, but the general structure is:

Code: Select all

[ABE] <<site>> <action> on {<request type> <url> <<< <document> - <number>}
USER rule:
<ruleset>
To see what is actually generated, you can put in my rules.

Just to clarify, my question is, why would some specific rules generate a message while others do not?
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE rules triggering messages for some rules

Post by barbaz »

OK, reproduced. Unfortunately the washingtonpost message got lost, but here's the reddit one with irrelevant parts snipped:

Code: Select all

[ABE] <.reddit.com .stumbleupon.com .twitter.com> Deny on {GET http://www.reddit.com/ [ ETC ] <<< (snip) arstechnica (snip) - 7}
USER rule:
Site .reddit.com .stumbleupon.com .twitter.com
Accept from SELF
Deny
Note the number 7:
https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIContentPolicy wrote:TYPE_SUBDOCUMENT 7 Indicates a document contained within another document (for example, IFRAMEs, FRAMES, and OBJECTs).
Looks like the notification is firing for iframes, even though it's not supposed to: (emphasis added by me)
http://noscript.net/abe/users.html wrote:If ACTION is Deny and the blocked request is targeted to a *top-level* window, an user-facing notification is also issued, with an Options button which lands directly in the ABE configuration panel.
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux i686; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a1
User avatar
SeanM
Junior Member
Posts: 44
Joined: Fri Jul 24, 2009 1:42 pm
Location: Upstate, New York USA

Re: ABE rules triggering messages for some rules

Post by SeanM »

While tinkering with doubleclick.net in ABE, I ran into the subject matter of this thread. To wit, the following is displayed at the top of the display:

Code: Select all

[ABE] <.doubleclick.net> Deny on {GET http://3687047.fls.doubleclick.net/activityi;src=3687047;type=retar754;cat=retar424;ord=1856690113655.9634? <<< http://www.classmates.com/places/school/West-High-School/25?startYear=1963&endYear=1969&type=registration - 7} filtered by ABE: <.doubleclick,net> Deny
The associated USER rule:

Code: Select all

Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm
Accept from .americanexpress.com
Accept from .nysaves.org
Accept from .pandora.com
Deny
I have checked "iFrame" under "Embeddings". After I parsed out the message (above), I added "Deny INCLUSION" to the ABE rule, to read:

Code: Select all

Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm
Accept from .americanexpress.com
Accept from .nysaves.org
Accept from .pandora.com
Deny INCLUSION
Deny
The message to the display no longer appears, rather logs correctly (and only) to the Error Console. Is the behavior correct, or is NoScript diplaying the error regardless of the "Notifications" settings ?
Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE rules triggering messages for some rules

Post by barbaz »

SeanM wrote:I have checked "iFrame" under "Embeddings".
Apparently, this bug also applies to <frame> elements.
SeanM wrote:The message to the display no longer appears, rather logs correctly (and only) to the Error Console. Is the behavior correct, or is NoScript diplaying the error regardless of the "Notifications" settings ?
NoScript does correctly obey the ABE notification setting. The problem is that it's not correctly identifying whether a window is top-level, so it's erroneously firing the notification.
I suppose what's going on might be that when it's hitting "Deny INC", it *knows* that the blocked resource isn't displayed as a top-level window, so it doesn't fire the notification.


(Side note: For performance reasons, I suggest you edit your ABE rule to look like this:

Code: Select all

Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm .americanexpress.com .nysaves.org .pandora.com
Deny INCLUSION
Deny
)
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 SeaMonkey/2.28a1
User avatar
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: ABE rules triggering messages for some rules

Post by Giorgio Maone »

barbaz wrote: The problem is that it's not correctly identifying whether a window is top-level, so it's erroneously firing the notification.
I suppose what's going on might be that when it's hitting "Deny INC", it *knows* that the blocked resource isn't displayed as a top-level window, so it doesn't fire the notification.
Investigating, thanks.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
Guest

Re: ABE rules triggering messages for some rules

Post by Guest »

(Side note: For performance reasons, I suggest you edit your ABE rule to look like this:

Code: Select all
Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm .americanexpress.com .nysaves.org .pandora.com
Deny INCLUSION
Deny
And what this?

Code: Select all

Site .doubleclick.net
    Accept from SELF++
    *.last.fm .americanexpress.com .nysaves.org .pandora.com
    Deny INCLUSION
    Deny
Mozilla/5.0 (Windows NT 6.0; rv:28.0) Gecko/20100101 Firefox/28.0
Post Reply